Azure Service Bus - Topic & Subscription permissioning

I need to expose some messaging (notification) functionality from our system to a 3rd party.

I'm currently prototyping a solution with Azure Service Bus; however, I've run into a small snag with permissioning.

                    --> SUB1 --> Provider 1
                   /
MyApp --> TOPIC --<
                   \
                    --> SUB2 --> Provider 2

I want to drop a small JSON message into a Topic. The message will have a "ProviderId" property attached to it, and based on a filtering rule, that message will be filtered out onto a Provider-specific Subscription.

However, I don't seem to be able to specify a shared access policy on the Subscription to restrict the 3rd party provider to only connecting to their own Subscription.

Am I correct in assuming that I should set up auto-forwarding on the subscription to send those messages on to another Queue and then apply the provider-specific security there?

                    --> SUB1 --> AutoForward --> Q1 --> Provider 1
                   /
MyApp --> TOPIC --<
                   \
                    --> SUB2 --> AutoForward --> Q2 --> Provider 2

Or is there another/better/recommended way to do this?

Your assumption is correct. The shared access policies can only be created against the namespaces and/or message entities, the topic in this case. You can check here for more info.

It seems to me that auto-forwarding is the best way to go; more info here.

But another thing I can think of is to encrypt the message content using a generated token that is given to the corresponding provider, so it can decrypt that subscription's messages, but even reading the messages in the other subscription, it couldn't decrypt them. That means you would need to manage these tokens, though.
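The auto-forward layout above ends in one queue per provider, each with its own shared access policy. As an added example (not code from the question or the answer), this sketch builds a SAS token scoped to a single provider queue and models locally why that token does not open the other provider's queue; the namespace, queue names, policy name and keys are constructed placeholders, and `token_allows` is a simplified model, not the service's own code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

# Constructed placeholders: namespace, queue names, policy name and keys.
NAMESPACE = "https://example-ns.servicebus.windows.net"
POLICY = "listen-only"  # assumed to be a queue-level policy with only Listen
QUEUE_KEYS = {"q1": "constructed-key-for-q1", "q2": "constructed-key-for-q2"}


def _sign(encoded_uri, expiry, key):
    # String to sign: URL-encoded resource URI, newline, expiry (epoch seconds).
    msg = f"{encoded_uri}\n{expiry}".encode()
    digest = hmac.new(key.encode(), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_token(resource_uri, policy_name, key, ttl=3600, now=None):
    """Build a SAS token whose scope (sr) is one entity URI."""
    expiry = int((time.time() if now is None else now) + ttl)
    sr = quote_plus(resource_uri)
    sig = quote_plus(_sign(sr, expiry, key))
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}&skn={policy_name}"


def token_allows(token, requested_uri, entity_key, now=None):
    """Local model of the acceptance checks: signature, expiry, URI scope."""
    fields = parse_qs(token.split(" ", 1)[1])
    sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    if not hmac.compare_digest(_sign(quote_plus(sr), se, entity_key), sig):
        return False  # not signed with the key configured for this entity
    if se <= (time.time() if now is None else now):
        return False  # expired
    # A token covers its own URI and anything hierarchically below it.
    return requested_uri == sr or requested_uri.startswith(sr + "/")


def token_for_provider(queue, now=None):
    # Token bound to the provider's own queue URI and that queue's policy key.
    return make_sas_token(f"{NAMESPACE}/{queue}", POLICY, QUEUE_KEYS[queue], now=now)


if __name__ == "__main__":
    t1 = token_for_provider("q1")
    print(token_allows(t1, f"{NAMESPACE}/q1", QUEUE_KEYS["q1"]))
    print(token_allows(t1, f"{NAMESPACE}/q2", QUEUE_KEYS["q2"]))
```
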
